Secure Out of Band for Remote Network Rollouts

When rolling out a new distributed network, one of the most commonly misunderstood tasks is assigning a network IP address to each device. Because the devices are installed on remote networks and do not have access to a common DHCP server, they cannot use DHCP address assignment. This leaves a manual process to assign each remote device an IP address on its particular network. There are several options to consider for manually assigning these addresses at each remote site:

  1. You can pre-stage each piece of equipment at a staging facility, where a technician manually enters the proper network address for each device and ships the device configured. Problems associated with this method include:
  • Technician assigning wrong address to device and then shipping
  • Technician sending device to wrong location
  • Human error

The above problems can only be corrected by a replacement of the unit.

  2. You can have a field technician configure the device at the time of installation. Problems associated with this method include:
  • The installer needs to have a laptop with a serial port.
  • The installer needs the proper cable for each device’s serial port.
  • The installer needs to know how to configure each device.
  • The installer needs to know the correct address to put into each device.

The above problems may require a re-visit to correct, or a phone call to the NOC where an engineer walks the technician through the configuration step by step (now tying up several assets).

  3. You can use a secure out of band appliance to bring up the site. A secure out of band appliance consists of a secure modem with several serial ports, one attached to each network appliance (router, firewall, switch, etc.). This method provides the best path to bring the remote sites up consistently and correctly each time. It also allows future access to the site for maintenance and repair. It is important to use a secure OOB device, such as one from CDI’s Port Authority line with AES encryption.

Benefits associated with this method include:

  • All equipment can be shipped with factory defaults (no pre-staging required).
  • All equipment does not have to be shipped to a single location and then shipped out. Devices can be shipped directly from separate warehouses, or directly from the manufacturer, to the install site.
  • Once all equipment arrives, a field technician needs only to install each device. No further configuration is required by the field technician.
  • The technician then calls the NOC, where Network Engineers take over remotely and securely from there.
  • The Secure Out of Band device allows Engineers to remotely access the console port on each connected device over a secure telco circuit and configure network addressing and other parameters for the turn-up.
  • Engineers are in control of the turn-up, not field technicians.
  • Once the network addressing is complete, the NOC engineers can confirm the site is configured correctly as it is brought up.
  • After the site is brought up, it can still be accessed securely out of band for any additional maintenance or disaster recovery in the future.
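The confirmation step above can be checked mechanically against the site's address plan, which catches the wrong-address and wrong-location errors listed for the other two methods. The following is an added example, not code from this white paper or from CDI; the site name, subnet, device names and read-back values are constructed, and collecting the read-back from each console session is assumed to happen elsewhere.

```python
import ipaddress

# Constructed address plan: site -> subnet and the address each device should get.
PLAN = {
    "site-017": {
        "subnet": "10.17.0.0/24",
        "devices": {"router": "10.17.0.1", "firewall": "10.17.0.2",
                    "switch": "10.17.0.3"},
    },
}

def verify_site(site, observed, plan=PLAN):
    """Compare addresses read back over the console with the plan.

    observed maps device name -> address string as configured on the device.
    Returns a sorted list of findings; an empty list means the site matches.
    """
    entry = plan[site]
    net = ipaddress.ip_network(entry["subnet"])
    expected = entry["devices"]
    findings, seen = [], {}
    for device, raw in observed.items():
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            findings.append(f"{device}: '{raw}' is not a valid IP address")
            continue
        if device not in expected:
            findings.append(f"{device}: not in the plan for {site} (wrong location?)")
        elif addr != ipaddress.ip_address(expected[device]):
            findings.append(f"{device}: has {addr}, plan says {expected[device]}")
        if addr not in net:
            findings.append(f"{device}: {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            findings.append(f"{device}: {addr} is the network or broadcast address")
        if addr in seen:
            findings.append(f"{device}: {addr} duplicates {seen[addr]}")
        seen.setdefault(addr, device)
    for device in expected:
        if device not in observed:
            findings.append(f"{device}: in the plan but not read back")
    return sorted(findings)

if __name__ == "__main__":
    # Constructed read-back: firewall mistyped, switch given the router's address.
    readback = {"router": "10.17.0.1", "firewall": "10.71.0.2", "switch": "10.17.0.1"}
    for line in verify_site("site-017", readback):
        print(line)
```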
